Thanks to Justin Carmony for this awesome slice of fail.

1
2
3
4
5
6
7
8
9
10
11
12

<?php

class SecurityFail
{

    // Encrypt Passwords for Highest Level of Security.
    static public function encrypt($pword)
    {
        return md5($pword);
    }

}

There are right ways and wrong ways to encrypt and store passwords, and a simple md5() hash is one of the wrong ways. Here are some links you might research instead of rolling your own crypto.

• See this Stack Overflow discussion regarding secure password hashing in PHP
• You might work through this PHP tutorial on securely hashing PHP passwords
• Check out the portable PHP password hashing framework